Distributed Malware Detection Algorithm (DMDA)

Full Text (PDF, 336KB), PP.48-53


Author(s)

Aiman A. Abu Samra 1,*, Hasan N. Qunoo 1, Alaa M. Al Salehi 1

1. Islamic University of Gaza, Gaza city, Palestine

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2017.08.07

Received: 18 May 2017 / Revised: 10 Jun. 2017 / Accepted: 5 Jul. 2017 / Published: 8 Aug. 2017

Index Terms

Android, Distributed malware, Malware detection, Transient data sources, Transient sinks

Abstract

The growing volume of malware has led to more research on malware analysis and the study of malware behavior. Malware tries to leak sensitive information from infected devices. In this paper, we study a specific attack method that distributes the data source and the point of data loss across different versions of the malware application. It does this through local storage, storing part or all of the vital data so that it can be leaked in the future.
We introduce the Distributed Malware Detection Algorithm (DMDA), an algorithm for detecting malware that is distributed across app versions. DMDA proposes a new way to analyze applications for redistributed malware. It is designed to analyze the data and identify transitional loss points. We tested the algorithm on a sample of 100 Android applications published on the Google Play market, each with two versions. The algorithm detected 150 transient data sources, 200 transient data-loss points, and two data leakages. In comparison, the same dataset was checked with 56 anti-malware applications, and none of them found any malicious code.
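
The cross-version check the abstract describes can be sketched as follows. This is an added example, not the authors' DMDA implementation: it joins the local-storage writes of an older version with the local-storage reads of a newer one. The flow-tuple format, the API labels and the storage names are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed labels; a real analysis would take these from a source/sink list.
SENSITIVE = {"getDeviceId", "getLastKnownLocation", "queryContacts"}
EXTERNAL = {"http_post", "send_sms"}

# Constructed per-version flow summaries (from_node, to_node), as a
# single-version taint analysis might report them.
V1_FLOWS = [
    ("getDeviceId", "storage:prefs/uid"),
    ("storage:prefs/uid", "storage:files/cache.bin"),
    ("user_input", "storage:prefs/theme"),
]
V2_FLOWS = [
    ("storage:files/cache.bin", "http_post"),
    ("storage:prefs/theme", "http_post"),
]

def is_storage(node):
    return node.startswith("storage:")

def direct_leaks(flows):
    """Leaks visible inside one version: sensitive source straight to external sink."""
    return [(s, d) for s, d in flows if s in SENSITIVE and d in EXTERNAL]

def tainted_storage(flows):
    """Map each local-storage location to the sensitive sources that reach it,
    following storage-to-storage copies until nothing changes."""
    taint = defaultdict(set)
    changed = True
    while changed:
        changed = False
        for src, dst in flows:
            if not is_storage(dst):
                continue
            incoming = {src} if src in SENSITIVE else taint.get(src, set())
            if not incoming <= taint[dst]:
                taint[dst] |= incoming
                changed = True
    return {loc: srcs for loc, srcs in taint.items() if srcs}

def cross_version_leaks(old_flows, new_flows):
    """Join the old version's transient sinks with the new version's transient sources."""
    stored = tainted_storage(old_flows)
    leaks = set()
    for src, dst in new_flows:
        if is_storage(src) and dst in EXTERNAL:
            for origin in stored.get(src, ()):
                leaks.add((origin, src, dst))
    return sorted(leaks)
```

On the constructed data, neither version shows a leak when analyzed alone, while the join reports the device identifier leaving through `storage:files/cache.bin`; the `storage:prefs/theme` flow is not reported because nothing sensitive was written there.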

Cite This Paper

Aiman A. Abu Samra, Hasan N. Qunoo, Alaa M. Al Salehi, "Distributed Malware Detection Algorithm (DMDA)", International Journal of Computer Network and Information Security (IJCNIS), Vol.9, No.8, pp.48-53, 2017. DOI: 10.5815/ijcnis.2017.08.07
